There is a security loop hole when i rename a .nupkg extension to a .zip extension. when the zip extension is extracted we can see the source code files.
- rename to project.zip
- extract project.zip
- Source code is exposed
This is a compliance issue when development partners hold full rights to the source code.
Did i just find a security flaw? or is there a workaround to prevent this from happening.